Regulator Finds Facebook has Serious Privacy Gaps

The world’s largest social networking site has been taken to task over its “serious privacy gaps”. Facebook was the focus of an investigation by Canada’s Privacy Commissioner and found to be in direct violation of Canadian privacy laws. The results of this investigation are likely to have significant implications for genealogy, even for those genealogists who do not use Facebook.

This is the first time a government has made very specific allegations about Facebook’s privacy practices. The allegations are based on the results of an in-depth study of the popular social network site. Specifically targeted in the allegations are third-party applications on Facebook, which would include the popular genealogy application We’re Related amongst others. The third-party application We're Related has been singled out before by European regulators as being potentially in violation of people's privacy rights. It is the fourth most popular application on Facebook with 50 million users and it demands on personal information much more than most other applications.

Facebook has some 200 million users worldwide. Canada alone has 12 million users in a country with a total population of some 34 million people. Canada is thought to have the greatest percentage of the population on Facebook of any country in the world. Consequently, Canada’s privacy regulator has taken an interest in privacy rights and how they are interpreted by social network sites. This follows a privacy complaint labeled against Facebook in 2008.

Regulators in other countries such as in Europe have also taken a look at Facebook issues but they appear to still be in the fact discovery phase. US regulators have sadly ignored the issue. It is interesting that even though the United States is at the forefront of creating new technologies, they are often not at the forefront of regulating them (this became painfully obvious in the US with the recent financial market meltdown).

Here are some of the specific findings of the Facebook privacy investigation (the full 75-page report can be accessed here). Some of these concerns have serious genealogy implications:
• The overarching concern was that Facebook‘s privacy practices were often confusing, incomplete and generally lacked transparency.
• Facebook did not make a reasonable effort to inform users how their private information would be used.
• The default privacy setting for any information posted at Facebook was to make all information available to anyone. Users had to specifically opt-in to control their privacy (as opposed to the more traditional policy of opt-out to open up their information to anyone).
• Facebook had misrepresented their privacy controls by “implying that they are limited to the privacy settings, when in fact they include the friend and network architecture”.
• If a user does not join a network, their privacy settings will be defaulted to sharing with “Only Friends”. “However, if that user subsequently joins any network for the first time, his or her default privacy settings will automatically change to include sharing with network members.”
• The user is not told in real time that their privacy settings have been changed to wide open to everyone if they join third-party applications like We’re Related. Most genealogists are not aware that an application like We’re Related has access to all their private information.